Archive for June, 2012

Windows 8 Enhanced Security Features

June 16th, 2012 Comments off

Microsoft has published the Windows 8 Release Preview Product Guide for Business, the guide describes how Windows 8 changes the work environments and how Windows is reimagined to support people’s unique working styles.

Windows 8 provides enterprise-class security capabilities that keep clients more secure from power-on to power-off.

Windows 8 provides the following enhanced security features:

Trusted boot process

With UEFI 2.3.1 equipped devices, the UEFI Secure Boot feature helps to ensure that malware is not able to start before Windows 8. The Windows 8 Trusted boot feature protects the integrity of the remainder of the boot process, including the kernel, system files, boot critical drivers, and even the antimalware software itself. The system’s antimalware software is the first 3rd party application or driver to start. Moving antimalware into the Trusted Boot process prevents it from being tampered with. In the event that malware is able to successfully tamper with the boot process Windows can automatically detect and repair the system.

Measured boot process

On Trusted Platform Module (TPM)-based systems, Windows 8 can perform a comprehensive chain of measurements during the boot process that can be used to further validate the boot process beyond Trusted Boot. Measured boot process enables all aspects of the boot process to be measured, signed, and stored in a Trusted Platform Module (TPM) chip. This information can be evaluated by a remote service to further validate a computer’s integrity before granting it access to resources. This process is called Remote Attestation.

BitLocker Drive Encryption

BitLocker now supports encrypted drives, which are hard drives that come pre-encrypted from the manufacturer. BitLocker offloads the cryptographic operations to hardware, increasing overall encryption performance and decreasing CPU and power consumption. On devices without hardware encryption, BitLocker allows you to choose to encrypt the used space on a disk instead of the entire disk. As free space is used, it will be encrypted. This results in a faster, less disruptive encryption of a hard drive. In addition, the user experience is improved by allowing a standard user, one without administrative privileges, to reset the BitLocker PIN.


AppLocker enables IT administrators to create security policies through Group Policy to prevent potentially harmful or other non-approved apps from running. With AppLocker, IT administrators can set rules based on a number of properties, including the signature of the application’s package or the app’s package installer and can more effectively control apps with less management.

Windows SmartScreen app reputation service

Windows SmartScreen app reputation is a safety feature in Windows 8. This service provides application reputation-based technologies to help protect users from malicious software that they may encounter on the Internet. This technology checks reputation on any new application, helping to keep users safe no matter what browser they use Windows 8. This helps to prevent malware and other viruses from infiltrating your organization. The Windows SmartScreen app reputation feature works with Internet Explorer’s SmartScreen feature, which also protects users from websites seeking to acquire personal information such as user names, passwords, and billing data.

Claim-based access control

With Windows 8, IT administrators can dynamically allow users access to the data they need based on the user’s role in the company. Unlike previous statically-controlled security groups, Claim-based access control allows IT admins to dynamically control access to corporate resources based on the user and device properties that are stored in Active Directory. For example, a policy can be created that enables individuals in the finance group to have access to specific budget and forecast data, and the human resources group to have access to personnel files.


802.1X Authenticated Wireless Access

June 14th, 2012 Comments off

Windows Server provides features that you can use to deploy IEEE 802.1X authenticated wireless service for wireless network clients. In combination with the 802.1X-capable wireless access points APs and other Windows Server services that you deploy on your network, you can use these Windows Server features to control who can access your network.

You can also use features in Windows Server to define the wireless network adapter connectivity and security settings that your wireless clients use for connection attempts. For example, Network Policy Server NPS allows you to create and enforce network access policies for authentication, authorization, and client health. The Wireless Network (IEEE 802.11) Policies in Windows Server Group Policy GPO enable you to configure your network client computers with the security and connectivity settings that they must use to connect to your network.

This checklist provides the tasks required to deploy 802.1X wireless access points with Network Policy Server (NPS).

Task Reference
Install and configure 802.1X wireless access points on your network. RADIUS Server for 802.1X Wireless or Wired Connections and your hardware documentation
Determine the authentication method you want to use. RADIUS Server for 802.1X Wireless or Wired ConnectionsCertificate Requirements for PEAP and EAPEAP OverviewPEAP Overview; and your hardware documentation
Autoenroll a server certificate to servers running NPS or purchase a server certificate. Deploy a CA and NPS Server Certificate and Obtaining and Installing a VeriSign WLAN Server Certificate for PEAP-MS-CHAP v2 Wireless Authentication on the Microsoft Download Center at
If you are using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) or Protected Extensible Authentication Protocol-Transport Layer Security (PEAP-TLS) without smart cards, autoenroll client or computer certificates to domain member client computers. Deploy Client Computer Certificates and Deploy User Certificates
Configure 802.1X wireless access clients by using the Group Policy Management extension, Wireless Network (IEEE 802.11) Policies. Configure 802.1X Wireless Access Clients by using Group Policy Management
Configure 802.1X wireless access points as Remote Authentication Dial-In User Service (RADIUS) clients in NPS. Add a New RADIUS Client and RADIUS Client
Create a user group in Active Directory® Domain Services (AD DS) that contains the users who are allowed to access the network through the wireless access points. Create a Group for a Network Policy
In NPS, configure one or more network policies for 802.1X wireless access. Add a Network PolicyCreate policies for 802.1X Wired or Wireless with a Wizard; and Network Policies

TechDays Sweden 2012 – Security Features in Windows 8 & Server 2012

June 8th, 2012 Comments off

Inspelningen från TechDays Sweden 2012 finns nu att ladda ner här 

  TechDays Sweden 2012 download:(219.3 MiB, 4,817)

eller köra direkt i denna sida

Tack till DXter PowerAdmin för medverkande med ADFS demo 🙂